Nethence Newdoc Olddoc Lab Your IP BBDock  

Setup SSL for M/Monit

Just use Apache or NGINX reverse proxy to handle the SSL… Or if you really go down that road with M/Monit, here are some hints below.

Eventually backup your container as it is,

docker commit -p mmonitprod mmonit.`date +%s`.before.ssl

Make sure the hostname you are going to use resolves itself on the container, e.g.,

vi /etc/hosts
172.17.0.4      mmonit.example.com   mmonit

From the docker host, CONCATENATE IN THAT ORDER and send your SSL certificates to the container,

cd /etc/httpd/ssl/
cat private_key.pkey certificate.crt intermediate_and_ca.crt > allcert.pem
chmod 400 allcert.pem
cp -p allcert.pem /data/mmonitprod/

Note. alternatively, you could also,

#on the docker host,
cp -p allcert.pem ~scpuser/
chown scpuser:scpuser ~scpuser/allcert.pem

#on the mmonit container,
apt install openssh-client
scp remoteuser@dockerhost:~/alcert.pem ~/

#back to the docker host, don't forget to,
rm -f ~scpuser/allcert.pem

In any case, make sure allcert.pem is copied into mmonit/conf/ with perms 400 and ownership (TODO CHECK root vs mmonit user).

Enable HTTPS,

cd /root/mmonit/conf/
cp -pi server.xml server.xml.dist

export TERM=xterm
vi server.xml
<Connector address="*" port="443" processors="10" secure="true" />

<Engine name="mmonit" defaultHost="mmonit.example.com" fileCache="10MB">

    <Host name="mmonit.example.com" appBase="." address="172.17.0.4" certificate="conf/allcert.pem">

Note. change to container’s IP address accordingly.

References


Home | GitHub | Donate